[ECODP-dev] on save of a dataset we are redirected to http
Bert Van Nuffelen
bert.van.nuffelen at tenforce.com
Mon Nov 18 20:31:18 UTC 2013
Hi John,
Great! Then that we have fixed too.
On your remark: we use aliasing
WSGIScriptAlias /data /applications/ecodp/users/ecodp/ckan/conf/wsgi.py
So that everything is redirected to the same processes.
An alternative would indeed to split the https and http processes
completely.
kind regards,
Bert
2013/11/18 John Glover <john.glover at okfn.org>
> Hi Bert,
>
> I changed ssl.conf on the test server to add your suggestion
> (RequestHeader set X-Scheme "https") and yes it does seem to work correctly
> now.
>
> By the way, I noticed that this file is missing the WSGIDaemonProcess and
> WSGIProcessGroup lines from the original Apache config.
>
> Regards,
> John
>
>
> On 18 November 2013 21:11, Bert Van Nuffelen <
> bert.van.nuffelen at tenforce.com> wrote:
>
>> Hi John,
>>
>> the above rule seems not to have effect.
>> It seems that
>>
>> RequestHeader set X-Scheme "https"
>>
>> has some effect.
>> On odp.tenforce.com I added that to the ssl.conf and that seems to work.
>>
>> Can you check?
>>
>> Bert
>>
>>
>>
>> 2013/11/18 Bert Van Nuffelen <bert.van.nuffelen at tenforce.com>
>>
>>> Hi John,
>>>
>>> I search again and now I set
>>> RequestHeader set HTTP-X-SCHEME "https"
>>>
>>> Which seems to change the incomming request instead of the respons.
>>>
>>> Bert
>>>
>>>
>>>
>>> 2013/11/18 John Glover <john.glover at okfn.org>
>>>
>>>> Hi Bert,
>>>>
>>>> Just to follow up from our Skype chat earlier: the HTTP_X_SCHEME header
>>>> is still not being passed to the CKAN app on the test server, so I think
>>>> that the Apache config is still not correct.
>>>>
>>>> Regards,
>>>> John
>>>>
>>>>
>>>> On 18 November 2013 14:43, John Glover <john.glover at okfn.org> wrote:
>>>>
>>>>> Hi Bert,
>>>>>
>>>>> The following line in the NGINX config: proxy_set_header X-Scheme
>>>>> $scheme; (this occurs in multiple locations in the NGINX config file).
>>>>>
>>>>> Regards,
>>>>> John
>>>>>
>>>>>
>>>>> On 18 November 2013 14:38, Bert Van Nuffelen <
>>>>> bert.van.nuffelen at tenforce.com> wrote:
>>>>>
>>>>>> Hi John,
>>>>>>
>>>>>> which is the rule that does that?
>>>>>>
>>>>>> Best,
>>>>>>
>>>>>> Bert
>>>>>>
>>>>>>
>>>>>> 2013/11/18 John Glover <john.glover at okfn.org>
>>>>>>
>>>>>>> Hi Bert,
>>>>>>>
>>>>>>> The beaker settings only effect the cookie that is used for
>>>>>>> authentication, they have no impact on the redirects.
>>>>>>>
>>>>>>> I think that the current issue with the redirects is due to the
>>>>>>> Apache setup. With NGINX, for each request we set the header HTTP_X_SCHEME
>>>>>>> to either 'http' or 'https' depending on the request type, and this value
>>>>>>> is then checked by the CKAN application to decide which protocol to use for
>>>>>>> redirects. You have disabled NGINX, but don't seem to be setting this value
>>>>>>> anywhere in the Apache config, and CKAN is therefore defaulting to http.
>>>>>>>
>>>>>>> Regards,
>>>>>>> John
>>>>>>>
>>>>>>>
>>>>>>> On 15 November 2013 10:31, Bert Van Nuffelen <
>>>>>>> bert.van.nuffelen at tenforce.com> wrote:
>>>>>>>
>>>>>>>> Hi John,
>>>>>>>>
>>>>>>>> it seems that the flag beaker.session.secure = true is not checked,
>>>>>>>> or the goal to redirect to is not relative but set absolute.
>>>>>>>>
>>>>>>>> kind regards,
>>>>>>>>
>>>>>>>> Bert
>>>>>>>>
>>>>>>>>
>>>>>>>> 2013/11/15 Bert Van Nuffelen <bert.van.nuffelen at tenforce.com>
>>>>>>>>
>>>>>>>>> Hi John,
>>>>>>>>>
>>>>>>>>> it seems that we have to explicit capture http requests on with
>>>>>>>>> edit in to stay in https?
>>>>>>>>>
>>>>>>>>> I tried also this, but that does not resolve it completely.
>>>>>>>>>
>>>>>>>>> beaker.session.httponly = false
>>>>>>>>> beaker.session.secure = true
>>>>>>>>>
>>>>>>>>> After the save I end up in the http instead of https.
>>>>>>>>>
>>>>>>>>> kind regards,
>>>>>>>>>
>>>>>>>>> Bert
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2013/11/15 Bert Van Nuffelen <bert.van.nuffelen at tenforce.com>
>>>>>>>>>
>>>>>>>>>> Hi John,
>>>>>>>>>>
>>>>>>>>>> I think is is subtle: in test we are redirected also to http and
>>>>>>>>>> the "edit" evironment is there active.
>>>>>>>>>> That is hard to spot.
>>>>>>>>>>
>>>>>>>>>> Bert
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2013/11/15 Bert Van Nuffelen <bert.van.nuffelen at tenforce.com>
>>>>>>>>>>
>>>>>>>>>>> Hi John,
>>>>>>>>>>>
>>>>>>>>>>> On the test server it seems to work correctly.
>>>>>>>>>>> The only difference I found was that the beaker.session.secure =
>>>>>>>>>>> true was not active on test but active on odp.tenforce.com?
>>>>>>>>>>>
>>>>>>>>>>> What does this parameter has as effect?
>>>>>>>>>>>
>>>>>>>>>>> kind regards,
>>>>>>>>>>>
>>>>>>>>>>> Bert
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2013/11/15 Bert Van Nuffelen <bert.van.nuffelen at tenforce.com>
>>>>>>>>>>>
>>>>>>>>>>>> Dear John,
>>>>>>>>>>>>
>>>>>>>>>>>> how does it come that we after adding a dataset [save] are
>>>>>>>>>>>> redirected to http instead stay under https?
>>>>>>>>>>>>
>>>>>>>>>>>> kind regards,
>>>>>>>>>>>>
>>>>>>>>>>>> Bert
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Bert Van Nuffelen
>>>>>>>>>>>>
>>>>>>>>>>>> Semantic Technologies Software Architect at TenForce
>>>>>>>>>>>> www.tenforce.be
>>>>>>>>>>>>
>>>>>>>>>>>> Bert.Van.Nuffelen at tenforce.com
>>>>>>>>>>>> Office: +32 (0)16 31 48 60
>>>>>>>>>>>> Mobile:+32 479 06 24 26
>>>>>>>>>>>> skype: bert.van.nuffelen
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Bert Van Nuffelen
>>>>>>>>>>>
>>>>>>>>>>> Semantic Technologies Software Architect at TenForce
>>>>>>>>>>> www.tenforce.be
>>>>>>>>>>>
>>>>>>>>>>> Bert.Van.Nuffelen at tenforce.com
>>>>>>>>>>> Office: +32 (0)16 31 48 60
>>>>>>>>>>> Mobile:+32 479 06 24 26
>>>>>>>>>>> skype: bert.van.nuffelen
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Bert Van Nuffelen
>>>>>>>>>>
>>>>>>>>>> Semantic Technologies Software Architect at TenForce
>>>>>>>>>> www.tenforce.be
>>>>>>>>>>
>>>>>>>>>> Bert.Van.Nuffelen at tenforce.com
>>>>>>>>>> Office: +32 (0)16 31 48 60
>>>>>>>>>> Mobile:+32 479 06 24 26
>>>>>>>>>> skype: bert.van.nuffelen
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Bert Van Nuffelen
>>>>>>>>>
>>>>>>>>> Semantic Technologies Software Architect at TenForce
>>>>>>>>> www.tenforce.be
>>>>>>>>>
>>>>>>>>> Bert.Van.Nuffelen at tenforce.com
>>>>>>>>> Office: +32 (0)16 31 48 60
>>>>>>>>> Mobile:+32 479 06 24 26
>>>>>>>>> skype: bert.van.nuffelen
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Bert Van Nuffelen
>>>>>>>>
>>>>>>>> Semantic Technologies Software Architect at TenForce
>>>>>>>> www.tenforce.be
>>>>>>>>
>>>>>>>> Bert.Van.Nuffelen at tenforce.com
>>>>>>>> Office: +32 (0)16 31 48 60
>>>>>>>> Mobile:+32 479 06 24 26
>>>>>>>> skype: bert.van.nuffelen
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> ecodp-dev mailing list
>>>>>>>> ecodp-dev at lists.okfn.org
>>>>>>>> http://lists.okfn.org/mailman/listinfo/ecodp-dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> ecodp-dev mailing list
>>>>>>> ecodp-dev at lists.okfn.org
>>>>>>> http://lists.okfn.org/mailman/listinfo/ecodp-dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Bert Van Nuffelen
>>>>>>
>>>>>> Semantic Technologies Software Architect at TenForce
>>>>>> www.tenforce.be
>>>>>>
>>>>>> Bert.Van.Nuffelen at tenforce.com
>>>>>> Office: +32 (0)16 31 48 60
>>>>>> Mobile:+32 479 06 24 26
>>>>>> skype: bert.van.nuffelen
>>>>>>
>>>>>> _______________________________________________
>>>>>> ecodp-dev mailing list
>>>>>> ecodp-dev at lists.okfn.org
>>>>>> http://lists.okfn.org/mailman/listinfo/ecodp-dev
>>>>>>
>>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> ecodp-dev mailing list
>>>> ecodp-dev at lists.okfn.org
>>>> http://lists.okfn.org/mailman/listinfo/ecodp-dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Bert Van Nuffelen
>>>
>>> Semantic Technologies Software Architect at TenForce
>>> www.tenforce.be
>>>
>>> Bert.Van.Nuffelen at tenforce.com
>>> Office: +32 (0)16 31 48 60
>>> Mobile:+32 479 06 24 26
>>> skype: bert.van.nuffelen
>>>
>>
>>
>>
>> --
>> Bert Van Nuffelen
>>
>> Semantic Technologies Software Architect at TenForce
>> www.tenforce.be
>>
>> Bert.Van.Nuffelen at tenforce.com
>> Office: +32 (0)16 31 48 60
>> Mobile:+32 479 06 24 26
>> skype: bert.van.nuffelen
>>
>> _______________________________________________
>> ecodp-dev mailing list
>> ecodp-dev at lists.okfn.org
>> http://lists.okfn.org/mailman/listinfo/ecodp-dev
>>
>>
>
> _______________________________________________
> ecodp-dev mailing list
> ecodp-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ecodp-dev
>
>
--
Bert Van Nuffelen
Semantic Technologies Software Architect at TenForce
www.tenforce.be
Bert.Van.Nuffelen at tenforce.com
Office: +32 (0)16 31 48 60
Mobile:+32 479 06 24 26
skype: bert.van.nuffelen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20131118/de256755/attachment-0001.html>
More information about the ecodp-dev
mailing list